Microsoft researchers are experimenting with an automatic code zapper for the company's Internet Explorer Web browser.

Researchers at the Redmond, Wash., company have completed work on a prototype framework called BrowserShield that promises to allow IE to intercept and remove, on the fly, malicious code hidden on Web pages, instead showing users safe equivalents of those pages.

The BrowserShield projectthe brainchild of Helen Wang, a project leader in Microsoft Research's Systems & Networking Research Group, and an outgrowth of the company's Shield initiative to block network wormscould one day even become Microsoft's answer to zero-day browser exploits such as the WMF (Windows Metafile) attack that spread like wildfire in December 2005.

"This can provide another layer of security, even on unpatched browsers," Wang said in an interview with eWEEK. "If a patch isn't available, a BrowserShield-enabled tool bar can be used to clean pages hosting malicious content."

BrowserShield, described by Wang as a tool for deleting embedded scripts before a Web page is displayed on a browser, can inspect and clean both static and dynamic content. Dynamic content has become a popular vector for Web-borne malware attacks of late, security experts have said.

The framework could work particularly well, as it could provide a safety net, protecting many Web surfers from themselves.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service